Beyond the Office Walls: Understanding Security and Shadow Security Behaviours in a Remote Work Context

Authors: 

Sarah Alromaih, University of Oxford and King Abdulaziz City for Science and Technology; Ivan Flechais, University of Oxford; George Chalhoub, University of Oxford and University College London

Abstract: 

Organisational security research has primarily focused on user security behaviour within workplace boundaries, examining behaviour that complies with security policies and behaviour that does not. Here, researchers identified shadow security behaviour: where security-conscious users apply their own security practices which are not in compliance with official security policy. Driven by the growth in remote work and the increasing diversity of remote working arrangements, our qualitative research study aims to investigate the nature of security behaviours within remote work settings. Using Grounded Theory, we interviewed 20 remote workers to explore security related practices within remote work. Our findings describe a model of personal security and how this interacts with an organisational security model in remote settings. We model how remote workers use an appraisal process to relate the personal and organisational security models, driving their security-related behaviours. Our model explains how different levels of alignment between the personal and organisational models can drive compliance, non-compliance, and shadow security behaviour in remote work settings. We discuss the implications of our findings for remote work security and highlight the importance of maintaining informal security communications for remote workers, homogenising security interactions, and adopting user experience design for remote work solutions.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {298848,
author = {Sarah Alromaih and Ivan Flechais and George Chalhoub},
title = {Beyond the Office Walls: Understanding Security and Shadow Security Behaviours in a Remote Work Context},
booktitle = {Twentieth Symposium on Usable Privacy and Security (SOUPS 2024)},
year = {2024},
isbn = {978-1-939133-42-7},
address = {Philadelphia, PA},
pages = {507--525},
url = {https://www.usenix.org/conference/soups2024/presentation/alromaih},
publisher = {USENIX Association},
month = aug
}

Presentation Video